Roles of the parties
The restaurant is the controller of its guest and reservation data. Bookler.online is the processor and processes that data only on the documented instructions of the restaurant, including for any transfer to a third country, unless required to do otherwise by EU or member-state law. Using the product as intended counts as an instruction.
Subject matter and duration
The subject matter is the provision of reservation software. Processing lasts as long as the restaurant’s account is active, plus the short period needed to return or delete data afterwards.
Data subjects and categories of data
Data subjects are the restaurant’s guests and its staff users. Categories include name, email address, phone number, reservation date, time and party size, table and seating notes, guest messages, and staff account details. Allergy and dietary notes may qualify as health data, so restaurants should record only what the booking genuinely requires and should not enter other special categories of data into Bookler.
Security measures
Bookler applies appropriate technical and organisational measures, including encryption in transit and at rest, role-based access control, separation of restaurant accounts, hosted checkout so that card numbers never reach our systems, logging of administrative access, and regular backups. Measures are reviewed as the service changes.
Confidentiality
Everyone Bookler authorises to process guest data is bound by confidentiality and is given access only to what their role requires.
Sub-processors
The restaurant gives general written authorisation for the sub-processors listed on our sub-processors page. Each is bound by data-protection obligations equivalent to those in this agreement, and Bookler remains fully liable for their performance. We publish changes to that list and aim to give at least 30 days notice before a new sub-processor starts processing guest data, so a restaurant can object.
International transfers
Where a sub-processor processes guest data outside the European Economic Area, Bookler relies on an adequacy decision, the EU–US Data Privacy Framework, or Standard Contractual Clauses. The safeguard for each provider is listed on the sub-processors page.
Assistance to the restaurant
Taking into account the nature of the processing and the information available to us, Bookler assists the restaurant with requests from guests to access, correct, delete, export, restrict, or object to processing, and with data protection impact assessments and prior consultation where these apply.
Personal data breaches
Bookler notifies the restaurant without undue delay after becoming aware of a personal data breach affecting its data, and provides the information the restaurant needs to meet its own notification duties to its supervisory authority and to affected guests.
Return and deletion
When the account ends, Bookler deletes or returns guest and reservation data within 90 days, except where storage is required by law. A restaurant can also request deletion earlier through our data deletion page.
Audits
Bookler makes available the information needed to demonstrate compliance with Article 28 and allows for audits and inspections by the restaurant or an auditor it mandates, on reasonable notice and normally no more than once a year, unless a breach or a supervisory authority requires otherwise.
How this agreement is accepted
This agreement applies automatically when a restaurant accepts the Terms of Service, so no separate signature is needed. If your organisation needs a signed copy or a version on its own template, email app@bookler.online.